e-discovery 2.0

Google has publicly released the number of U.S. Government requests it had for email productions in the six months preceding December 31, 2009.  They have had to comply with 94% of these 4,601 requests.  Granted, many of these requests were search warrants or subpoenas, but many were not.  Now take 4,601 and multiply it by at least 3 for other social media sources for Facebook, LinkedIn, and Twitter.  The number is big – and so is the concern over how this information is being obtained.

What has becoming increasingly common (and alarming at the same time) is the way this electronically stored information (ESI) is being obtained from third party service providers by the U.S. Government. Some of these requests were actually secret court orders; it is unclear how many of the matters were criminal or civil.  Many of these service providers (Sonic, Google, Microsoft, etc.) are challenging these requests and most often losing. They are losing on two fronts:  1) they are not allowed to inform the data owner about the requests, nor the subsequent production of the emails, and 2) they are forced to actually produce the information.  For example, the U.S. Government obtained one of these secret orders to get WikiLeaks volunteer Jacob Applebaum’s email contact list of the people he has corresponded with over the past two years.  Both Google and Sonic.net were ordered to turn over information and Sonic challenged  the order and lost.  This has forced technology companies to band together to lobby Congress to require search warrants in digital investigations.

There are three primary laws operating at this pivotal intersection that affect the discovery of ESI that resides with third party service providers, and these laws are in a car wreck with no ambulance in sight.  First, there is the antiquated Federal Law, the Electronic Communications Privacy Act of 1986, over which there is much debate at present.  To put the datedness of the ECPA in perspective, it was written before the internet.  This law is the basis that allows the government to secretly obtain information from email and cell phones without a search warrant. Not having a search warrant is in direct conflict with the U.S. Constitution’s 4th Amendment protection against unreasonable searches and seizures.  In the secret order scenario, the creator of data is denied their right to know about the search and seizure (as they would if their homes were being searched, for example) as it is transpiring with the third party.

Where a secret order has been issued and emails have been obtained from a third party service provider, we see the courts treating email much differently than traditional mail and telephone lines.  However, the intent of the law was to give electronic communications the same protections that mail and phone calls have enjoyed for some time. Understandably, the law did not anticipate the advent of the technology we have today.  This is the first collision, and the reason the wheels have gone off the car, since the standard under the ECPA sets a lower bar for email than that of the former two modes of communication.  The government must only show “reasonable grounds” that the records would be “relevant and material” to an investigation, criminal or civil, compared to the other higher standard.

The third law in this collision is the Freedom of Information Act (FOIA).  While certain exceptions and allowances are made for national security and in criminal investigations, these secret orders are not able to be seen by the person whose information has been requested.  Additionally, the public wants to see these requests and these orders, especially if they have no chance of fighting them.  What remains to be seen is what our rights are under FOIA to see these orders, either as a party or a non-related individual to the investigation as a matter of public record.  U.S. Senator Patrick Leahy, (D-VT), the author of the ECPA, acknowledged in no uncertain terms that the law is “significantly outdated and outpaced by rapid changes in technology.”   He has since introduced a bill with many changes that third party service providers have lobbied for to bring the ECPA up to date. The irony of this situation is that the law was intended to provide the same protections for all modes of communication, but in fact makes it easier for the government to request information without the author even knowing.

This is one of the most important issues now facing individuals and the government in the discovery of ESI during investigations and litigation.  A third party service provider of cloud offerings is really no different than a utility company, and the same paradigm can exist as it does with the U.S. Postal Service and the telephone companies when looking to discover this information under the Fourth Amendment, where a warrant is required. The law looks to be changing to reflect this and FOIA should allow the public to access these orders.  Amendments to the Act have been introduced by Senator Leahy, and we can look forward to the common sense changes he proposes that are necessary.  The American people don’t like secrets. Lawyers, get ready to embrace the revisions into your practice by reading up on the changes as they will impact your practices significantly in the near future.

In the eDiscovery universe, hot trends and evolving technologies tend to capture the attention of the legal community.  Discoverable data sources have been the focus in the courtroom for quite some time, and just like the “popular kids” from high school, email has held the crown of eDiscovery darling.  Not surprisingly, the more time end-users spend in a specific medium (on Facebook, for example), the more likely data will be created – and as that data multiplies, it has the potential to become compelling in discovery.  It seems that many U.S. organizations are electing to allow social media use at work and for work, rather than blocking access.  For obvious reasons, granting this access is culturally desirable, but from an eDiscovery perspective social media use introduces new complications.  However, don’t be mystified.  There is nothing that new here.

Recently, Symantec issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information.  Having lost some popularity, email came in third place (58%) to files/documents (67%) and database/application data (61%) when respondents were asked what type of documents were most commonly part of an eDiscovery request.  The new kid on the block for data sources is social media, reported by 41% of those surveyed.  Social media is in essence no different than any other data type in the eDiscovery process, it’s just the newest.  Said another way; social media is the new email.

Of course, it’s no longer news to proclaim that communications from social networking sites are discoverable.  What is newsworthy is the question of how to effectively store, manage and discover these communications which come in such varying forms, making the logistics of doing so for social media different than for traditional mediums.  Like email, social media is used by everyone (ubiquitous), is viral (fast), has mixed uses (professional and personal) and there is a lot of it (high volume).  Unlike email, social media comes in many different forms (Facebook, LinkedIn, Twitter, etc.), is not controlled within an organization’s firewalls (custody, possession and control issues), and has more complex requirements within the information governance lifecycle (technology is needed to ingest social media into an archive).

The two main areas to examine in relation to social media use and an organization’s policies are: 1) the legal issues that apply specifically to the organization, and 2) the logistical and technical requirements for preservation and collection.  Essentially, what is the organization’s policy surrounding social media use, and how can the information be accessed if need be? Luckily, technology exists that is nimble enough to be able to ingest social media and archive it in accordance with an organization’s policy, should one exist.  Organizations that have recognized social media as the newest kid on the block have, ideally: developed a social media policy, purchased (or deployed) collection and retention technology, and instituted training for their employees.  They have also integrated social media into their information governance strategy and document retention policy. Remember, not all organizations will have to archive social media, but all should address social media with a policy and training.

Other organizations have not accepted social media as part of the evolutionary process of eDiscovery.  They proceed at their own peril – as did the organizations that did not control their email some ten years ago!

These organizations will be in crisis when they need to collect social media for litigation and will most likely have a large lesson in damage control, as well as an equally large bill.  They will be uneducated, ill-prepared and overwhelmed about how to discover social media.  Without a policy, they will have to over collect by default, which will drive up the costs for collection and possibly for downstream review.  Given that the aforementioned survey found nearly half of the respondents did not have an information retention policy in place, and of this group, only 30% were discussing how to do so, it is likely that many of these organizations do not yet have a social media policy either.

With this background in mind, organizations should evaluate which laws and regulations apply to their organization, develop a policy and train their employees on that policy.  Plus ça change, plus c’est la même chose.

For more information about how IT and Legal can manage the impact of social media on their organization and to learn how archiving social media can be accomplished, please join this webcast from Symantec.

Symantec today issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information (ESI) that we see expanding by the minute.  Perhaps counter intuitively, the survey of legal and IT personnel at 2,000 enterprises found that email is no longer the primary source of ESI companies produced in response to eDiscovery requests.  In fact, email came in third place (58%) to files/documents (67%) and database/application data (61%).  Marking a departure from the landscape as recently as a few years ago, the survey reveals that email does not axiomatically equal eDiscovery any longer.

Some may react incredulously to these results. For instance, noted eDiscovery expert Ralph Losey continues to stress the paramount importance of email: “In the world of employment litigation it is all about email and attachments and other informal communications. That is not to say databases aren’t also sometimes important. They can be, especially in class actions. But, the focus of eDiscovery remains squarely on email.”   While it’s hard to argue with Ralph, the real takeaway should be less about the relative descent of email’s importance, and more about the ascendency of other data types (including social media), which now have an unquestioned seat at the table.

The primary ramification is that organizations need to prepare for eDiscovery and governmental inquires by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems.  Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized.  Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.

The survey also found that companies which employ best practices such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to eDiscovery requests. Companies in the survey with good information governance hygiene were:

• 81% more likely to have a formal retention plan in place
• 63% more likely to automate legal holds
• 50% more likely to use a formal archiving tool

These top-tier companies in the survey were able to respond much faster and more successfully to an eDiscovery request, often suffering fewer negative consequences:

• 78% less likely to be sanctioned
• 47% less likely to lead to a compromised legal position
• 45% less likely to disclose too much information

This last bullet (disclosing too much information) has a number of negative ramifications beyond just giving the opposition more ammo than is strictly necessary.  Since much of the eDiscovery process is volume-based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways.  Some have estimated that it costs between $3-5 a document for manual attorney review – and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly.

On the other side of the coin, there were those companies with bad information governance hygiene.  While this isn’t terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction.  Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.  Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever.  When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.  While I get the cost issue, particularly in these tough economic times, it’s bewildering to think that so many companies feel immune from the requirements of having even a basic retention plan.

As the saying goes, “You don’t need to be a weatherman to tell which way the wind blows.”  And, the winds of change are upon us.  Treating eDiscovery as a repeatable business process isn’t a Herculean task, but it is one that cannot be accomplished without good information governance hygiene and the profound recognition that email isn’t the only game in town.

For more information regarding good records management hygiene, check out this informative video blog and Contoural article.

As the saying goes, “I’ve seen the future and the future is now.”  This was my first reaction after analyzing two recent surveys regarding social media and eDiscovery.  The first one was from Clearwell (now a part of Symantec) and the Enterprise Strategy Group, entitled: “Trends in E-Discovery: Cloud and Collection.”  Beyond examining cloud issues it also queried respondents about the growing impact of social media on electronic discovery.  While many of the responses struck me as intuitive, I was taken by the fact that we seem to have crossed over the chasm of social media to the point that this content simply cannot be ignored any longer.  For ages, and perhaps some still today, email was the 800 pound gorilla in the eDiscovery context, often to the dangerous exclusion of other forms of electronically stored information (ESI).

But, in 2011 we’ve now reached the tipping point – with 58 percent of respondents of the ESG survey expecting to manage social media applications as part of eDiscovery, more than double the 27 percent who did so in 2010.  That’s not only a massive increase in one year, but it also moves social media from a fringe element to a mainstream source of ESI.  When asked what types of social media applications would be the most relevant for eDiscovery, 79 percent of survey respondents named Facebook, followed by Twitter (64 percent) and LinkedIn (55 percent).

Similarly (and coincidentally), Applied Research and Symantec (who just acquired Clearwell) queried 1,225 senior enterprise IT professionals around the world in a Social Media Flash Poll.  In one of the main findings, the Flash Poll found that social media is extremely ubiquitous in the enterprise environment, with 45 percent of respondents using it for personal uses and 42 percent using it for business reasons.  Rating highly were a number of disparate social media devices including blogs, multimedia sharing, business forums and, of course, social networking – both personal (e.g., Facebook) and business (e.g., LinkedIn).

The impact on eDiscovery, while somewhat obvious, is nevertheless a significant challenge for many enterprises.

Initially, the increased use of social media intrinsically means that email isn’t likely to be the sole source of responsive information pertaining to a lawsuit (or governmental inquiry).  While this hasn’t really been the case for a while, it’s time for the attorneys scoping eDiscovery matters to face facts and abandon old school notions that email axiomatically equals eDiscovery.  For good or ill, our world of potentially responsive ESI simply isn’t that homogenous.

The Flash Poll also honed in on how this increased use of social media is impacting IT professionals.  While information governance concepts (compliance with regulations and retention polices – both at 45 percent) rated higher on their risk index, the management of eDiscovery was still a significant (and growing) concern at 37 percent.  And, while IT folks are increasingly concerned, it’s safe to say that their attorney counterparts (who have a heightened sense of risk profiling) are even more worried about the impact of social media on the already complex eDiscovery process.

So, what can be done in the face of this changing eDiscovery landscape that used to be dominated by email?  First and foremost, it’s imperative to understand your unique regulatory and legal requirements.  This facilitates the mapping of new social media technologies and content to the requisite policies that address data mapping and the retention of social media content, either in a proactive sense (i.e., archiving) or in a reactive sense (i.e., litigation hold).

As Glenn Close frighteningly said in her 1987 thriller, Fatal Attraction, “I will not be ignored.”  That warning fits the entire social media genre as it relates to eDiscovery in 2011.  And, just like ignoring Glenn Close, failing to pay proper attention to social media is done at significant peril to both IT professionals and attorneys alike.

What’s next in the electronic discovery world?  Well, it’s nearly impossible to say with too much precision, but my recent e-discovery trends article attempts to peer into the crystal ball to divine some hints about the future.

The following five predictions are what I expect to create the biggest waves in e-discovery in 2011.  Most are nascent trends that we’ve seen a bit of in 2010, but that should continue to accelerate next year.  Enterprises that can prepare for and understand these areas will be well equipped to continue taking a proactive approach to the ever-changing challenges of e-discovery.

1. Changes in Forensic Best Practices: In 2011, manual forensic imaging will continue to take a backseat to more automated, forensically sound data collection techniques.  Forensic (bit for bit) images have long been the gold standard for the legally sound collection of ESI in response to legal proceedings.  And, while forensic imaging will continue to be important in a number of discrete situations (fraud, misappropriation of trade secrets cases, etc.), it will largely be seen as overkill in basic electronic discovery cases.  Since imaging is both time consuming and highly manual, automated collection tools will increasingly be used by savvy organizations to speed up and streamline the collection process.
2. Consolidation in the Electronic Discovery Industry: Consolidation in the electronic discovery sector will impact market forces and the balance of power.  The past year saw traditional, pure-play electronic discovery companies looking (sometimes successfully and sometimes not) for diversification and deep pockets.  In the upcoming year, the relative dearth of pure play EDD companies may reverse the downward price pressure that’s been seen over the past several years.
3. Proportionality Becomes Reality: Burgeoning data volumes, as seen in multi-terabyte (versus gigabyte) cases, means that the legal community will continue to search for ways to prevent electronic discovery costs from exceeding legal exposure and attorneys fees.  Groups like The Sedona Conference will continue to push for better clarification within the community surrounding “proportionality” in order to keep the electronic discovery “tail” from wagging the litigation “dog.”  If successful at all, there may be a slight respite for litigious enterprises that may be able to better scale e-discovery efforts with the risk profile of the matter at hand.
4. Collision of Cloud, Social Media and E-Discovery: The seemingly unstoppable migration of corporate data to the cloud, combined with the proliferation of social media applications, will continue to stress electronic discovery practitioners as they attempt to preserve, collect, search, and process electronically stored information (ESI) from sources that aren’t traditionally managed behind the firewall.  Proactive enterprises will increasingly evaluate the legal and compliance risks of storing data in the cloud so that they’re not painted into a corner when they need to preserve, collect, and produce offsite ESI.
5. Global E-Discovery Matures: International jurisdictions will increasingly look to the United States (and the Federal Rules of Civil Procedure) as their nascent electronic discovery paradigms are increasingly stressed by the proliferation of both ESI and discovery disputes.  The recent Goodale case out of the UK (and impending procedural changes to the e-Disclosure Practice Direction) demonstrates how the global community is rapidly maturing along the electronic discovery continuum.

While the tools and best practices designed to combat top ediscovery hurdles continue to mature, the challenges are multiplying at any equally fast rate.  In the past, the crux of most discovery matters usually centered around email and sometimes instant messaging.  In 2011, new problems will continue to crop up on the horizon, such as collecting SharePoint data from the cloud, trying to extract structured data from a range of proprietary systems and capturing ephemeral ESI from an ever changing array of social media applications.

Please let me know if you disagree with any of the predictions or have any others you’d like to share.

It’s not just in New Jersey that corruption is in the news. It feels like everywhere you go, the authorities are investigating white collar crime and thus have an increasing need for electronic discovery technology.

Earlier this month, as those of you who follow my Twitter feed will know, I was visiting customers and partners in Germany. In virtually every meeting, data privacy and corruption investigations were top of mind, and with good reason. Following the Siemens case last year, German investigators have become much more active and it was easy for my hosts to list example after example of recent cases. There was the Deutsche Bahn case of management spying on its own employees, in violation of German privacy laws; the Deutsche Bank case of management spying on its own board; and, the Deutsche Telecom case of management phone tapping employees to find leaks. There were stories of price collusion among cable car companies in the Alps, and corruption investigations into the activities of German companies in Eastern Europe.

A similar focus on anti-corruption exists closer to home. I have written before about the increase in FCPA investigations and that’s been reflected in recent headlines. As the Wall Street Journal reports, Sun and Shell have recently come under the microscope, according to their public filings. And Frederic Bourke, a founder of the accessories firm Dooney & Bourke, was recently found guilty of conspiracy to violate the Foreign Corrupt Practices Act, which may result in jail time.

All indications are that the U.S. Department of Justice and its counterparts overseas are just warming up. It’s not a good time for white collar crime, wherever you are in the world.

Lately, the electronic discovery blogosphere has been, well, a-twitter about twitter and other social media as they relate to electronic discovery. While twitter struggles to find a business model, enterprises and law firms are racing to understand the implications of this latest boomtown of user-generated content that’s being built in out on the frontier of the World Wide Web (or is that Wild Wild West?).

There’s talk of intellectual property being cast out, irrevocably, onto the Internet for all to see. Or slanderous things being uttered for which your company may be held liable. But, hold on a second: is there really anything new here? Anyone heard of e-mail? Web pages? Peer-to-peer? Google? Instant messaging? As Debra Logan astutely points out in her recent post on the topic, “everything that exists is discoverable (at least pretty much).” If you haven’t already, take a look at the FRCP’s definition of ESI and you’ll get her point. So, yes, it’s obviously important to have a common sense corporate policy around what’s appropriate and what’s not for the public Internet, but it shouldn’t be any different from the policy that you should have already had in place regarding blogs, web pages, and email.

What about the other side of the electronic discovery coin: finding information that’s responsive to a request? If anything, social media are more easily discoverable than just about any other form of user-generated content (though admittedly in some cases they can be more transient, which can post unique challenges). And, while it’s not universally true, the argument can be made that the more easily something can be discovered, the lower the cost and risk of that content to you. Worried if anyone on twitter is stealing your new idea for a router architecture? How about the top-secret approach to making coffee you were thinking about patenting? Well, if anyone twittered about it, tracking it down is a snap. Just keep in mind that because of the public nature of social media, it’s likely that the more important the information is to your company in the context of electronic discovery, the less likely it is to live out on the public Internet. Obviously, there will be exceptions. But when there are those exceptions, tracking down the relevant information will likely be a fairly straightforward and relatively inexpensive process.

However, before we dismiss social media as nothing new and something that can largely be addressed through already-existing policies and discovery techniques, let’s consider one aspect of social media that is on the upswing, but often out of the blogging limelight: enterprise applications.

Increasingly, companies are moving to advanced enterprise social media platforms such as Jive or SocialText as a way of improving internal collaboration and making projects run more smoothly and effectively. Because such enterprise platforms are often used on a company’s most important and strategic projects, having robust e-discovery capabilities to allow internal blog, wiki, and discussion content to be captured and placed into a format that can be seamlessly searched along with other more traditional documents is becoming critical to forward-thinking enterprises.

For example, I recently came across a large financial institution that uses Jive SBS as its wiki and Clearwell as its e-discovery solution. What surprised me is that this company has created its own Jive/Clearwell “adapter” that feeds Jive discussions directly into Clearwell as a conversation thread. This is just one example, but I’m sure more will follow. Over time, it will become a requirement for e-discovery platforms to integrate with enterprise social media products. And, rest assured, as that happens, we’ll be sure to tweet about it!

UPDATE: Whit Andrews of Gartner was kind enough point out his (prescient) research note on the subject of e-discovery and social networking from November, 2007. He points out that there is in fact a very important “new new thing” about social networks, which is that they may be able to be leveraged in an e-discovery context to find out more about the people relevant to an investigation. By tapping these publically-available sources of information, investigators may be able to gain better insight into private (i.e. enterprise) information stores to guide the e-discovery process. More detail on this and other insights can be found at http://www.gartner.com/DisplayDocument?id=543110&ref=g_forward&call=email.

Learn More On Electronic Discovery Litigation